09/07/2017

Enhancing Convenience and Adding Confidence with Standards and Interoperability

by Nigel Johnson

As organizations evaluate email encryption, it’s important to recognize that there is more to protecting email than S/MIME and SMTP. Like all IT investments, email encryption needs to work smoothly within a large ecosystem, and for email encryption, that ecosystem encompass mail servers, archiving, secure email gateways, data loss prevention (DLP), security information and event management (SIEM) and unified threat management (UTM). To give you peace of mind that Zix works with your IT investments, Zix has launched a compatibility program that details how our solutions interoperate with components of the email ecosystem and uses standards to make email encryption easy to use.

For example, we’ve used S/MIME to build the Zix Encryption Network that encrypts 100 percent of email traffic between thousands of Zix customers without any impact to your employees, customers or partners.
However, not everyone has S/MIME compatible email. For customers or partners who do not have those capabilities, we use a method that delivers encrypted messages to anyone, anywhere and on any device. For example our secure web portal uses a pull delivery method that works with in line frames (i-frames), open authorization (OAuth) and security assertion markup language (SAML) to deliver email in the most secure and convenient manner possible.

I-frames allow customers to embed the login page for the secure web portal into their homepage. SAML can then be used to access encrypted email through the use of existing customer log-in credentials. For example, a bank can embed a secure web portal into their homepage using i-frames, then customers can use their bank credentials to read or create sensitive emails. This means banks don’t need to send HTML attachments or links with their notifications emails. They simple notify their customers that a message is waiting at their secure message center.

Zix customers can also use OAuth to allow email recipients to use their Google or Microsoft credentials to authenticate to a secure web portal and retrieve their encrypted email.

The use of these standards creates an email encryption system that is easy to use and increasing in convenience with approximately 170,000 new people using Zix every week.

Compatibility is not just about working with the standards. We work closely with our customers to make sure that Zix fits into their architecture. ZixEncrypt has its own email DLP, but many customers use a comprehensive DLP solution such as Digital Guardian. In these cases, we use X-headers to allow policy communication between the DLP solution and Zix.

Archiving is important to our customers as well. ZixArchive works seamlessly with ZixEncrypt to automatically archive all email communication, but when customers already have an archiving solution in place, ZixEncrypt easily integrates with your system. ZixEncrypt offers a gateway architecture that encrypts email at the edge of the network, allowing your emails to be archived in the clear and easily retrievable. In addition, ZixEncrypt’s transparent delivery allows many of your partners to decrypt their email at the edge of their network, meaning you aren’t affecting their ability to archive. Zix’s support for TLS can also be used to help your partners archive. ZixMail, our end-to-end email encryption, supports a feature called corporate key, which allows companies the capability of decrypting email for business continuity. This means your archived emails are always retrievable.

These are just the few ways we easily work within your organization’s unique ecosystem. After nearly 20 years of experience, you can take comfort in knowing that Zix has deployed more than 19,000 customers and tested interoperability with hundreds of applications and services. Our compatibility program is yet one more assurance that not only will Zix provide you with industry-leading email security, we’ll do so without interfering with your current or future IT investments.